Press Release

January 31, 2019

Cyberlaw.io Helping Doctors with Do-It-Yourself Cyber Risk Management Programs

Florida attorney James Curry, of Cyberlaw.io, discusses why every doctor should implement a cyber risk management program now.

Jupiter, FL

Many doctors run small businesses of fewer than 100 employees. Typically, their IT infrastructure consists of one network supporting one office.

“Regardless of the size of their office, a small medical office or medical group with multiple offices is still required to implement a cyber risk management program in order to comply with various state and federal laws and regulations, such as the HIPAA Security Rule, along with the doctors’ ethical obligations regarding protection of the practice and its patients’ private personal health information,” said attorney Curry, founder of Cyberlaw.io, which provides information on cyber risk management and offers comprehensive legal forms for sale for small doctor’s offices, accountants, insurance professionals and other regulated small businesses.

For example, doctors must comply with the HIPAA Privacy Rule and the HIPAA Security Rule. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) required the Secretary of the U.S. Department of Health and Human Services (HHS) to develop regulations protecting the privacy and security of certain health information. The Privacy Rule, or Standards for Privacy of Individually Identifiable Health Information, establishes national standards for the protection of certain health information. The Security Standards for the Protection of Electronic Protected Health Information (the Security Rule) establishes a national set of security standards for protecting certain health information that is held or transferred in electronic form.

“The Security Rule operationalizes the Privacy Rule by addressing the technical and non-technical safeguards that medical offices, as covered entities, must put in place to secure individuals’ electronic protected health information (e-PHI),” noted Curry.

Because HIPAA rules and regulations have been in effect for many years, most medical offices have developed policies and procedures that meet minimum compliance standards. “However, a medical office should go beyond compliance and implement a cyber risk management program as a business process related to risk management, which includes regular employee training, vendor management, penetration tests and vulnerability assessments,” added Curry.

By doing this, the medical office ensures that it is not only in compliance with HIPAA, but that it is also adequately managing cyber risk with appropriate resources. At a minimum, a medical office should have quarterly and annual reviews of its cyber risk management program, and require all employees to receive cyber risk training. It is also imperative that a medical office perform an annual cyber risk self-assessment along with penetration tests and vulnerability assessments. If it has been more than three years since a third party conducted an assessment of the medical office’s cyber risk management program, then the medical office should hire a consultant to conduct an independent assessment to establish a baseline and remediation plan to improve the practice’s cyber risk management posture.

The Security Rule requires covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting e-PHI. “Specifically, covered entities must ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain or transmit,” concluded Curry. “They must also identify and protect against reasonably anticipated threats to the security or integrity of the information; protect against reasonably anticipated, impermissible uses or disclosures; and ensure compliance by their workforce.”

About Cyberlaw.io

Cyberlaw.io is ideal for regulated small businesses that don’t have the money to pay for lawyers or expensive cybersecurity professionals. It meets the need for people who can’t justify the expense, so that they can get the paperwork they need and affordably stand up a cyber risk management program themselves. For more information, please call 1-833-232-9237 (1-833-23-CYBER), or visit https://www.cyberlaw.io/.

For media inquiries, please call the NALA at 805.650.6121, ext. 361.
